A system administrator who was using an account with elevated privileges deleted a large number of log files generated by a virtual hypervisor in order to free up disk space. These log files are needed by the security team to analyze the health of the virtual machines. Which of the following compensating controls would help prevent this from reoccurring? (Select two.)

A. Succession planning
B. Separation of duties
C. Mandatory vacation
D. Personnel training
E. Job rotation

Correct Answer: BD

QUESTION 82

A university wants to increase the security posture of its network by implementing vulnerability scans of both centrally managed and student/employee laptops. The solution should be able to scale, provide minimum false positives and high accuracy of results, and be centrally managed through an enterprise console. Which of the following scanning topologies is BEST suited for this environment?

A. A passive scanning engine located at the core of the network infrastructure
B. A combination of cloud-based and server-based scanning engines
C. A combination of server-based and agent-based scanning engines
D. An active scanning engine installed on the enterprise console

Correct Answer: D

QUESTION 83

Several users have reported that when attempting to save documents in team folders, the following message is received:

The File Cannot Be Copied or Moved – Service Unavailable.

Upon further investigation, it is found that the syslog server is not obtaining log events from the file server to which the users are attempting to copy files. Which of the following is the MOST likely scenario causing these issues?

A. The network is saturated, causing network congestion
B. The file server is experiencing high CPU and memory utilization
C. Malicious processes are running on the file server
D. All the available space on the file server is consumed

Correct Answer: A

QUESTION 84

An analyst has initiated an assessment of an organization’s security posture. As a part of this review, the analyst would like to determine how much information about the organization is exposed externally. Which of the following techniques would BEST help the analyst accomplish this goal? (Select two.)

A. Fingerprinting
B. DNS query log reviews
C. Banner grabbing
D. Internet searches
E. Intranet portal reviews
F. Sourcing social network sites
G. Technical control audits

Correct Answer: DF

QUESTION 85

Which of the following policies BEST explains the purpose of a data ownership policy?

A. The policy should describe the roles and responsibilities between users and managers, and the management of specific data types.
B. The policy should establish the protocol for retaining information types based on regulatory or business needs.
C. The policy should document practices that users must adhere to in order to access data on the corporate network or Internet.
D. The policy should outline the organization’s administration of accounts for authorized users to access the appropriate data.

Correct Answer: D

QUESTION 86

Which of the following is MOST effective for log-based correlation analysis in threat management?

A. PCAP
B. SCAP
C. IPS
D. SIEM

Correct Answer: D

QUESTION 87

A security analyst is attempting to configure a vulnerability scan for a new segment on the network. Given the requirement to prevent credentials from traversing the network while still conducting a credentialed scan, which of the following is the BEST choice?

A. Install agents on the endpoints to perform the scan
B. Provide each endpoint with vulnerability scanner credentials
C. Encrypt all of the traffic between the scanner and the endpoint
D. Deploy scanners with administrator privileges on each endpoint

Correct Answer: A

QUESTION 88

An analyst has received unusual alerts on the SIEM dashboard. The analyst wants to capture the payloads that the attackers are sending toward the target systems without impacting business operations. Which of the following should the analyst implement?

A. Honeypot
B. Jump box
C. Sandboxing
D. Virtualization

Correct Answer: A

QUESTION 89

A reverse engineer was analyzing malware found on a retailer’s network and found code extracting track data in memory. Which of the following threats did the engineer MOST likely uncover?

A. POS malware
B. Rootkit
C. Key logger
D. Ransomware

Correct Answer: A

QUESTION 90

Which of the following BEST describes the offensive participants in a tabletop exercise?